OK, here is another idea, but I'm looking for comments before I actually implement this.

As reported earlier, the goal is to enable audit logging and potential content filtering at each of several small satellite offices with just 2 - 4 PCs each. Also to try to eliminate the need for a PC dedicated to being a traffic cop (e.g. IPCop), and to minimize the remote administration necessary.

The corporate home office already has logging and content filtering capabilities, and the PCs at the remote offices will be running VPN clients to connect to the home office. Can I force the remote PCs to channel their browsing through the VPN and thus allow the logging and content filtering of the home office to track the remote offices as well?

One implication here is that there is increased bandwidth on the home office T1 when the offices have a more direct internet connection. But in theory they think there *should* be little enough traffic happening that it won't make a noticeable difference.

So here is what I tried, and it seems to be working, but I'm looking for comments.

Configuration steps:

1) Install Linksys WRT54G router as DSL gateway for a remote location
2) Install VPN client on each PC at a remote location
3) Configure a VPN connection to home office LAN
4) Block all outbound HTTP and HTTPS traffic at the Linksys router to avoid directly browsing via the DSL connection
5) Configure browser to use a proxy server at the home office (so via the VPN connection)

In a simple trial here, it seems to work. Browsing is blocked until I establish a VPN connection, then all traffic is logged / filtered at the corporate system.

Disadvantages:

- Increases bandwidth usage on the corporate WAN link because it includes all remote browsing (and it is bi-directional besides...)
- Slower remote browsing due to both VPN overhead and shared bandwidth with corporate users

Advantages:

- All audit logs and content filters are in a single location at the corporate office
- Disabling the HTTP proxy does not bypass the logs / filters; it disables browsing due to the block at the router
- Attaching another device such as a laptop to the switch does not allow circumvention of the rules

Aside from the increased corporate bandwidth issue, what problems are there with this configuration? In a simple test, it appears to work and lets me get by with a $60 router at each location (which is actually just $40 this week at the local OfficeMax).

Comments anyone?
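A repeatable form of the "simple trial" described in the post, as an added example that is not part of the original message: it checks from a remote PC that direct web egress is blocked with the VPN down and that the home-office proxy is reachable only with the VPN up. The host names, the proxy port and the function names are hypothetical, since the post names none.

```python
import socket

# Hypothetical values (the post gives no host names or ports); replace them.
PROXY = ("proxy.corp.example", 8080)   # home-office proxy, reached over the VPN
DIRECT_TARGETS = [("www.example.com", 80), ("www.example.com", 443)]

def tcp_connect(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:   # refused, timed out, unroutable, or DNS failure
        return False

def audit_egress(vpn_up, connect=tcp_connect, proxy=PROXY, direct=DIRECT_TARGETS):
    """Check the design's invariants; return a list of findings (empty = pass)."""
    findings = []
    proxy_ok = connect(*proxy)
    if vpn_up:
        # Step 5: with the tunnel up, the proxy is the only browsing path.
        if not proxy_ok:
            findings.append("proxy %s:%d unreachable over VPN" % proxy)
        # Direct targets are not probed here: whether they route through the
        # tunnel depends on the VPN client's routing, which the post omits.
        return findings
    # Step 4: with the tunnel down, the router must drop direct HTTP/HTTPS.
    for host, port in direct:
        if connect(host, port):
            findings.append("direct %s:%d reachable, router block missing"
                            % (host, port))
    # The proxy should sit behind the VPN, not be exposed on the internet.
    if proxy_ok:
        findings.append("proxy %s:%d reachable without VPN" % proxy)
    return findings

if __name__ == "__main__":
    # Run once with the VPN disconnected and once connected (pass "up").
    import sys
    state = len(sys.argv) > 1 and sys.argv[1] == "up"
    problems = audit_egress(vpn_up=state)
    print("\n".join(problems) if problems else "OK: no findings")
    sys.exit(1 if problems else 0)
```

Running it from a device freshly attached to the switch exercises the last advantage listed in the post as well.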
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].